Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the ability to convert PostScript language files (or EPS) to many raster formats, such as PDF, XPS, PCL or PXL.

A lot of popular PDF and image editing software, including ImageMagick and GIMP, use Ghostscript library to parse the content and convert file formats. Ghostscript suite includes a built-in -dSAFER sandbox protection option that handles untrusted documents, preventing unsafe or malicious PostScript operations from being executed.

To exploit this vulnerability, all an attacker needs to do is sending a specially crafted malicious file (which could be a PDF, PS, EPS, or XPS) to a victim, which, if opened with an application leveraging vulnerable Ghostscript, could allow the attacker to completely take over the targeted system.

At the time of writing, Artifex Software, the maintainers of Ghostscript, have not released any patch to fix the vulnerability.

According to advisory released by US-CERT, applications like the ImageMagick image processing library, which uses Ghostscript by default to process PostScript content, are affected by the vulnerability.

Major Linux distributions including RedHat and Ubuntu have confirmed that they are also affected by this vulnerability, while the status for Arch Linux, CentOS, Debian, Dell, Apple, and others is still unknown.

Ormandy advised Linux distributions to disable the processing of PS, EPS, PDF, and XPS content until the issue is addressed.

This is not the first time when Ormandy has discovered issues in Ghostscript. He found similar high severity vulnerabilities in Ghostscript in October 2016 and April last year (CVE-2017-8291), some of which were found actively exploited in the wild.